10/577,681

28 APR 2006

Communications Apparatus And Method 

This invention relates to communications apparatus and a method. It 
particularly relates to apparatus including a router and a method involving 
a router using a point to point protocol. 

Routers are used to interconnect networks and the Internet, for example, 
is made up of a plurality of networks interconnected by routers. A local 
area network of interconnected computers in a department may be 
connected by a router to other local area networks serving other 
departments in an organisation and also to external networks and the 
Internet. 

A communication is directed by the router by using an Internet Protocol
(IP) address allocated to a particular terminal on the network. It will be
appreciated that there are only a limited although large number of
possible addresses. In order to cater for the large number of terminals
there are global IP addresses for networks and local IP addresses for the
terminals. The global addresses are allocated by Internet service
providers coordinating with the Internet Assigned Number Authority and
the local IP addresses are provided from a scheme set up and maintained by
the controller of the LAN. In order to route a communication for a
terminal on a LAN served by the router, address translation tables are
provided to translate from a global IP address to a local address. The
advantage of this translation process is that it is relatively straightforward
to add new terminals to the LAN or to make other changes requiring an
update to the address. The translation process is referred to as Network
Address Translation (NAT) and it is usually carried out by a software
entity within the router.

By using the NAT technique the global addresses are dynamically
allocated to a connection. When the communication is finished the 
address is freed for use by another connection. A further software entity 
within the router called a connection controller monitors the traffic and if 
a connection is not used for a particular length of time the connection is 
timed-out and broken and the address freed for re-allocation when 
required. The approach adopted is a simple one in which traffic on the 
link is used to indicate that the link is in use. That traffic however may 
include packets that are unwanted by a terminal on the LAN and will not 
be answered when passed to the LAN by the router. For example, a 
terminal user may have been engaged in browsing the Internet and then 
discontinued using the browsing application program. Internet frames
may still be being delivered which are unwanted. This traffic on the link
will result in the connection controller maintaining the connection.
Accordingly, this so-called "short-hold" process may lead to an address
being held which could be usefully re-allocated.

According to the invention there is provided communications apparatus
comprising a router and a connection controller, the router, in use,
routing data to and from terminals on a local area network and the
connection controller controlling connections involving at least one of the
terminals; a network address translation translator for translating
addresses on incoming data to addresses of terminals on the network; a
monitor for monitoring the usage of network addresses and for sending
a message indicative of non-usage to the connection controller; the
connection controller being responsive to the receipt of the message to
determine whether to release the connection.

By sending a message to the connection controller when an address is
unused the connection will be cleared even when a short-hold process
would otherwise be implemented and the link is apparently being used by
packets arriving at the router which are unwanted.

By releasing the connection sooner than would otherwise be the case
connection costs will be reduced. A yet further benefit is that the security
of the network is enhanced.

The invention may be used to break more than one PPP-connection. In
some arrangements the router may be used to provide connections to
more than one PPP interface and more than one LAN. The invention allows
the use of connection controllers embodied as software objects each
controlling a particular PPP connection and each may be made responsive
to a message to release the connection.

The invention also provides a method.

A specific embodiment of the invention will now be described with 
reference to the drawing in which: 

Figure 1 shows a local area network of computer terminals connected by
a router operating in accordance with the invention to the Internet; and

Figure 2 shows the router and network of figure 1 in greater detail.

As is shown in figure 1, a local area network LAN 1 is formed of a
number of computer terminals 2 to 7 linked by an Ethernet 8. The LAN 1
is connected to the Internet 9 by a router 10. The connections to the
terminals 2 to 7 and the Internet are controlled by a software entity within
the router 10 called a connection controller 11. The router 10 also
includes a network address translation (NAT) translator 12 (sometimes
referred to as a NAT box) which holds translation tables in memory (not
shown) and an IP router 13.

Whilst in this embodiment the router 10 is connected to one LAN
respective PPP-interface it will be appreciated that it may serve more than
one LAN or more than one PPP-interface. (Each PPP-interface may have
its own individual connection controller.)

The router 10 is connected to a modem 14 and thence via an internet
service provider 15 to the Internet 9. The link to the modem 14 is a
digital subscriber line (DSL) operating in accordance with a point to point
protocol (PPP) and a point to point protocol over Ethernet (PPPoE). (The
link may in alternative embodiments be an Integrated Digital Services
Network (ISDN) line and in general involve the use of other protocols).

The LAN 1 operates in accordance with Ethernet standard IEEE 802.3.
The connection control establishes a connection between a terminal on
the LAN 1 and the Internet service provider 15 to permit Internet
browsing by an application program running on the terminal or to allow
emails to be sent and received. It will be understood that each terminal
may have more than one application utilising the connection at any given
time. Each application will utilise a logical port. For example, terminal 2
may be running an Internet browser and an email application. The
browser application will be served via a first logical port and the email
application served by a second logical port.



With the connection made, information in the form of datagrams
compatible with TCP/IP protocol flow between the Internet 9 and the
ports.

Figure 2 shows the modem 14, router 10 and LAN 1 in more detail.
The network address translator 12 allocates to an application an address
to be used for the purpose of the connection. As is shown in figure 2, the
terminals have an IP address of the form IPi, IPj and IPk. Each
application running on the terminal will require a port. In the figure, the
terminals are shown with just one port having an identifier Portl, Portm
and Portn. The terminal address IPi, IPj or IPk is an internal LAN
address set up in accordance with an addressing scheme supported by the
LAN operator. Both the IP address and the port addresses are stored in a
memory structure within the translator 12 called a Network Address
Translation Table (NAT). The table has two fields 16 and 17 which
contain the global address information. This is of the form IPg Portguos
where g denotes global. The local IP addresses and port numbers are
written into the rows of field 17 (and in some applications in other fields).
The global session IP address and the corresponding global port numbers
are written in the corresponding division of the address field 16.






When the connection is established, the internet sender communicating
with the terminal 2 utilises an IP address IPg included in the arriving
packets. This is the address that will be used for the rest of the
connection and is therefore called the session IP address. In the examples
given this address will be converted into a local IP address and terminate
in 1, 2 or 3. Thus for a datagram to arrive from the Internet at the router
10 for forwarding to an application on a terminal it will include the router
address, for example 100.1.1.5, and a specific port number which is
utilized by the router to address a specific local terminal and the
corresponding application. The network address translator responds to the
global IP/Port address to return the appropriate local IP and port address
from field 17 and the IP router 13 sends the data onto the LAN 1 with an
appropriate header. Note that the correct conversion from global to local
addresses can be done by the router as the communication is always
initiated from the local LAN, so the router stores the initial local
addresses and converts these to global addresses, all having the same IPg
but different Port addresses. When the packets return with the global
address information, the router can reassign the original local values.

The terminals 2 to 7 may be located on one departmental LAN. This
grouping may be served by one interface on the router which connects the
group to the Internet. The usage of the connection of the group as a
whole on this interface will be monitored by the IP router 13. IP packets
arriving and leaving the LAN by the interface indicate that the connection
is still required.

A further entry in the NAT table 12 is provided to record the time at
which the IP router 13 determines that a specific row of tables 16 and 17
has been used for the last time. These are the entries z1 to z3 in the field
17. When the difference between this time and a current time
determined by reference to an internal clock exceeds a threshold, the
entry (row) is marked as "unused" in the unused flag u1 to u3. If all of the
rows in the table are unused then the connection controller 11 will be
instructed to clear the connection. (This connection being a DSL or ISDN
connection.) The table is checked by the IP router 13 in cycles and
updated. In essence, if we consider the period of checking the NAT
table entries as a monitoring period Tc, then n, the number of cycles to
mark an entry as unused, may be derived from the short hold time Ts as
follows:

n = integer(Ts/Tc) + 1.

A NAT entry that has been unused for n cycles is marked as "unused" but
not deleted although the connection may already have been broken by the
connection controller. It will remain until the NAT lifecycle has expired.
The NAT lifecycle may be greater than Ts in order to support
applications having large timeouts between several data transmissions.

When the IP router 13 determines that all the connections to the ports are
unused it sends a message M to the connection controller 11 indicating
that the link to LAN 1 is not in use. The connection controller 11 is
responsive to this message to break the connection to the ISP 15.

The use of the message therefore circumvents the use of the short term
hold that may be applied by the connection controller 11 and frees the
connection sooner than would otherwise be the case.
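
The idle-marking scheme described above (last-use times, unused flags, n = integer(Ts/Tc) + 1 and the message M), sketched as an added example that is not part of the original specification. The class and method names, the use of seconds, the sample addresses and timer values, and the choice not to refresh a flagged row on inbound traffic are assumptions.

```python
from dataclasses import dataclass

@dataclass
class NatRow:
    local: tuple          # (local IP, local port) as held in field 17
    last_used: float      # time of last use (entries z1 to z3)
    unused: bool = False  # unused flag (entries u1 to u3)

class NatIdleMonitor:
    def __init__(self, ts, tc, lifecycle, send_m):
        self.tc, self.lifecycle, self.send_m = tc, lifecycle, send_m
        self.n = int(ts // tc) + 1      # n = integer(Ts/Tc) + 1
        self.rows, self.now, self.link_up = {}, 0.0, False

    def outbound(self, gport, local):
        """LAN-initiated traffic creates or refreshes a row and raises the link."""
        self.rows[gport] = NatRow(local, self.now)
        self.link_up = True

    def inbound(self, gport):
        """Translate global port to local address; None if no row matches."""
        row = self.rows.get(gport)
        if row is None:
            return None                 # unwanted packet: not counted as usage
        if not row.unused:              # assumption: flagged rows are not refreshed
            row.last_used = self.now
        return row.local

    def cycle(self):
        """One monitoring period Tc: age the rows, send M if all are unused."""
        self.now += self.tc
        for gport, row in list(self.rows.items()):
            idle = self.now - row.last_used
            if idle >= self.lifecycle:
                del self.rows[gport]    # NAT lifecycle expired
            elif idle >= self.n * self.tc:
                row.unused = True       # kept in the table, only flagged
        if self.link_up and all(r.unused for r in self.rows.values()):
            self.link_up = False
            self.send_m("M")            # connection controller releases the link

def demo():
    sent = []
    mon = NatIdleMonitor(ts=60, tc=25, lifecycle=200, send_m=sent.append)
    mon.outbound(40001, ("192.168.0.2", 5000))   # constructed sample addresses
    for _ in range(3):
        stray = mon.inbound(49999)      # unsolicited traffic keeps arriving
        mon.cycle()
    return mon.n, stray, sent, 40001 in mon.rows
```

With Ts = 60 and Tc = 25 the row is flagged after three cycles and M is sent once, even though packets that match no row arrive in every cycle; the flagged row stays in the table until the lifecycle expires.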

In an enhancement of the described embodiment, if a terminal reports via
standard TCP protocol features to the IP router 13 that it has been sent
packets which are not required by an application running on the terminal,
then it will trigger the entry z1, z2 or z3 to be set to unused. This will
cater for erroneously sent packets and also packets being sent to a
terminal which has closed down say its internet browsing application
when the packets are in transit.

In another enhancement, the router will periodically poll the terminals on
the LAN. In the event that a terminal is inactive the unused flag for the
corresponding row may be set, resulting in the breaking of the connection
if all unused flags are set.

In the described alternative the router initiates the release of the
connection via the message M to the connection control. In another
alternative the router periodically tells the connection control when the
last usage of any of the NAT entries (rows) took place so that the
connection control can control the timeout for the release of the PPP link
itself.


Whilst in the described embodiment the network translator, the IP router
and the connection controller are shown within one routing unit they may
be furnished as separate components. More than one connection controller
may be provided and they may be embodied in software as software
objects.